Decrease in Conficker P2P?
http://isc.sans.org/diary.html?storyid=6322
One of our regular contributors has been tracking Conficker-related P2P traffic for the last several weeks. Oddly, from their point of view the traffic dropped off to near nothing around 8 PM GMT on April 30th.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-05-02T13:45+00:00

Changes in Windows to Meet Changes in Threat Landscape
http://blogs.technet.com/msrc/archive/2009/04/28/changes-in-windows-to-meet-changes-in-threat-landscape.aspx
Today, we’re announcing modifications in Windows that adapt to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable optical media (CD/DVD).
Microsoft Security Response Center Blog
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-28T09:37

A timeline for Conficker
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/Timeline
Conficker Work Group
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-26T05:38+00:00

Conficker Worm Targets Microsoft Windows Systems
http://www.us-cert.gov/current/archive/2009/04/09/archive.html#conficker_worm_information
US-CERT Current Activity
Researchers have discovered a new variant of the Conficker Worm on April 9, 2009. This variant updates earlier infections via its peer to peer (P2P) network as well as resuming scan-and-infect activity against unpatched systems. Public reporting indicates that this variant attempts to download additional malicious code onto victim systems, possibly including copies of the Waledac Trojan, a spam-oriented malicious application which has previously propagated only via bogus email messages containing malicious links.
US-CERT
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-09T18:44-04:00

W32.Downadup.C
http://www.symantec.com/avcenter/venc/data/w32.downadup.e.html
Symantec
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-09

WORM_DOWNAD.E
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.E
Exploiting Server Service Vulnerability (CVE-2008-4250, MS08-067)
Trend Micro
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-08

Infection Distribution for Conficker
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution
Conficker Work Group
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-01T21:43+00:00

Infection Distribution
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution
The following maps outline all the known infections that we have seen as of Wednesday, 1 April 2009.
Conficker Work Group
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-04-01T21:43+00:00

Conficker's domain routine has already started
http://www.f-secure.com/weblog/archives/00001643.html
F-Secure Weblog : News from the Lab
Infected computers use the local time as the trigger of when to start generating the list of 50,000 domains, so in places where the local time is already April 1st, these computers are now actively polling for domains. And, until the GMT date is April 1st, they are in fact polling for domains for 31st March. So far there haven't been any updates available on those sites.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-31T19:08+00:00

When will it start?
http://www.f-secure.com/weblog/archives/00001641.html
F-Secure Weblog : News from the Lab
F-Secure
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-31T11:18+00:00

ThreatCON (2) => (2)
https://tms.symantec.com/
On April 1, 2009, the Downadup.C worm will start using a changed version of its domain-generation algorithm. The worm uses this algorithm to compute a domain name from which it will try to download updates for itself.
Symantec
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-30T22:34+00:00

Conficker Worm Targets Microsoft Windows Systems
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
Via US-CERT Mailing List
US-CERT
TA09-088A
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-29T21:36-04:00

DHS Releases Conficker/Downadup Computer Worm Detection Tool
http://www.dhs.gov/ynews/releases/pr_1238443907751.shtm
The U.S. Department of Homeland Security (DHS) announced today the release of a DHS-developed detection tool that can be used by the federal government, commercial vendors, state and local governments, and critical infrastructure owners and operators to scan their networks for the Conficker/Downadup computer worm.
U.S. Department of Homeland Security
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-30

Questions and Answers: Conficker and April 1st
http://www.f-secure.com/weblog/archives/00001636.html
F-Secure Weblog : News from the Lab
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-26T14:32+00:00

Latest on Conficker
http://isc.sans.org/diary.html?storyid=5860
The researchers at SRI International updated their Conficker paper today. This is by far one of the best analyses of the Conficker malware.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-20T02:48+00:00

Conficker C Analysis
http://mtc.sri.com/Conficker/addendumC/
This addendum provides an evolving snapshot of our understanding of the latest Conficker variant, referred to as Conficker C.
SRI International
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-20T02:32+00:00

WORM_DOWNAD.KK
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK
Exploiting Server Service Vulnerability (CVE-2008-4250, MS08-067)
Trend Micro
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-07

W32.Downadup.C
http://www.symantec.com/avcenter/venc/data/w32.downadup.c.html
Symantec
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
2009-03-06

Win32/Conficker.D
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.D
Win32/Conficker.D is a variant of Win32/Conficker. Conficker.D infects the local computer, terminates services, blocks access to numerous security related Web sites and downloads arbitrary code. Conficker.D can relay command instructions to other Conficker.D infected computers via built-in peer-to-peer (P2P) communication. This variant does not spread to removable drives or shared folders across a network (as with previous variants). Conficker.D is installed by previous variants of Win32/Conficker.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-03-04

Update for Windows Autorun
http://www.microsoft.com/technet/security/advisory/967940.mspx
The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
Microsoft
Microsoft Security Advisory (967940)
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
2009-02-24T11:23-08:00

New Variant of Conficker/Downadup Worm Circulating
http://www.us-cert.gov/current/archive/2009/02/24/archive.html#new_variant_of_conficker_downadup
US-CERT Current Activity
US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability addressed in MS08-067, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with "auto-update" functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.
US-CERT
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
2009-02-23T17:02-04:00

Win32/Conficker.C
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.C
Win32/Conficker.C is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-20

Third party information on conficker (Version: 2)
http://isc.sans.org/diary.html?storyid=5860
In an effort to provide YOU, the end user, the ability to educate yourself on this threat, I will be posting as much information as possible, from as many sources as possible.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-13T14:30+00:00

Microsoft Collaborates With Industry to Disrupt Conficker Worm
http://www.microsoft.com/Presspass/press/2009/feb09/02-12ConfickerPR.mspx
Microsoft offers $250,000 reward for Conficker arrest and conviction.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-12

Microsoft Collaborates With Industry to Disrupt Conficker Worm
http://www.icann.org/en/announcements/announcement-2-12feb09-en.htm
Today, Microsoft announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm.
ICANN: Internet Corporation For Assigned Names and Numbers
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-12

More tricks from Conficker and VM detection
http://isc.sans.org/diary.html?storyid=5842
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-10T20:14+00:00

Some tricks from Conficker's bag
http://isc.sans.org/diary.html?storyid=5830
There have been a lot of discussions about various aspects of Conficker, definitely the most prevalent worm in the last couple of years. Symantec posted a nice series of articles about how Conficker is innovative in various things. One of those innovative things is the use of the autorun.inf file on USB removable media.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-09T00:50+00:00

Protect yourself from the Conficker computer worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-06

Increased activity targeting TCP port 445
http://www.jpcert.or.jp/at/2009/at090002.txt
JPCERT/CC
JPCERT-AT-2009-0002
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-02-05T04:36+00:00

Social Engineering Autoplay and Windows 7
http://www.f-secure.com/weblog/archives/00001586.html
F-Secure Weblog : News from the Lab
The Downadup worm utilizes autorun.inf files to spread via removable devices such as USB drives. When is AUTORUN.INF really an AUTORUN.INF?, provided analysis. The autorun.inf uses some tricks, such as variable size, to help avoid detection.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-19T16:44+00:00

Investigating and Verifying domains to block (Conficker.B/Downadup.B)
http://isc.sans.org/diary.html?storyid=5704
As most of us know, investigation and verification of data plays a critical role in protecting our assets. Blind faith in what others say or do may of course lead to a call from a C-level asking why his VP of sales can't get to his favorite vacation blog. Today's diary (and the updates that will follow) will share some of the process and findings of my investigation into the wonderful list of domains that was produced by F-Secure that we have previously mentioned.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-17T05:00+00:00

Widespread Infection of Win32/Conflicker/Downadup Worm
http://www.us-cert.gov/current/archive/2009/01/16/archive.html#widespread_infection_of_win32_conflicker
US-CERT Current Activity
US-CERT is aware of public reports indicating a widespread infection of the Win32/Conflicker/Downadup worm. This worm exploits a previously patched vulnerability addressed in Microsoft Security Bulletin MS08-067. This worm attempts to propagate via multiple methods including removable media.
US-CERT
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
2009-01-16T18:27-04:00

Calculating the Size of the Downadup Outbreak
http://www.f-secure.com/weblog/archives/00001584.html
F-Secure Weblog : News from the Lab
The number of Downadup infections is skyrocketing based on our calculations. From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-16T13:59+00:00

Conficker's autorun and social engineering (Version: 2)
http://isc.sans.org/diary.html?storyid=5695
One of the reasons for infecting so many machines is that Conficker uses multiple infection vectors: 1. It exploits the MS08-067 vulnerability, 2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares and finally, 3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-15T08:38+00:00

More Than One Million New Infections
http://www.f-secure.com/weblog/archives/00001580.html
F-Secure Weblog : News from the Lab
Today's total infection count is an estimated 3,521,230 infections worldwide.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-14T14:33+00:00

How Big is Downadup? Very Big.
http://www.f-secure.com/weblog/archives/00001579.html
F-Secure Weblog : News from the Lab
2,395,963 infections worldwide.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-13T11:21+00:00

Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
http://isc.sans.org/diary.html?storyid=5695
The storm center handlers' mailbox has received a growing number of email inquiries regarding the root cause of Windows domain account lockouts, which we most likely attribute to the infection base of Downadup/Conficker malware variants.
SANS Internet Storm Center
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-12T22:43+00:00

MS08-067 Worm, Downadup/Conflicker
http://www.f-secure.com/weblog/archives/00001576.html
F-Secure Weblog : News from the Lab
Downadup and other such similar worms exploit a vulnerability in the Windows Server service.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-08T19:49+00:00

When is AUTORUN.INF really an AUTORUN.INF?
http://www.f-secure.com/weblog/archives/00001575.html
F-Secure Weblog : News from the Lab
USB worms work by creating a file called AUTORUN.INF on the root of USB drives.
F-Secure
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-07T12:52+00:00

W32.Downadup Infection Statistics
https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/224
On July 7, Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. On or about this date, our honeypots began detecting this vulnerability exploited in what I can only describe as a Neosploit wrapper.
Symantec Security Response Blog : Malicious Code
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2009-01-06T12:39+00:00

W32.Downadup.B
http://www.symantec.com/avcenter/venc/data/w32.downadup.b.html
Exploiting Server Service Vulnerability (CVE-2008-4250, MS08-067)
Symantec
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-12-30

Win32/Conficker.B
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-12-29

W32/Conficker.worm
http://vil.nai.com/vil/content/v_153464.htm
McAfee
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-11-24

WORM_DOWNAD.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.A
Exploiting Server Service Vulnerability (CVE-2008-4250, MS08-067)
Trend Micro
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-11-21

W32.Downadup
http://www.symantec.com/avcenter/venc/data/w32.downadup.html
Exploiting Server Service Vulnerability (CVE-2008-4250, MS08-067)
Symantec
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-11-21

Win32/Conficker.A
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.A
Worm:Win32/Conficker.A is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.
Microsoft
http://www.us-cert.gov/cas/techalerts/TA08-297A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
2008-11-21